Note: This is an archival copy of Security Sun Alert 201173 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com
as Sun Alert 1000887.1.

Proxy Authentication to Sun ONE Calendar Server May Fail if Portal Display Preferences Are Changed

Category
Security

Release Phase
Resolved

Bug Id
5014142

Date of Resolved Release
21-JUL-2004

Impact

A security vulnerability in Sun Java System Portal Server Software 6.2 may allow a user to gain Calendar Server administrator credentials if the user changes the display options to select a non-default view. With these credentials, the user's session has unrestricted access to the calendar data and can therefore manipulate that data. Such manipulation could include, but is not limited to, the deletion, creation, and modification of users, user information, calendar entries, and historical data.